Kaspersky Exposes Sophisticated Malware Platform ‘EquationDrug’

Securityweek.com reported on 11th March, 2015 stating that security researchers of a Russian security firm Kaspersky recently exposed the activities of the Equation Group which is a group of hackers responsible for minimum 500 malware infections in 42 countries and released the details about the group's malware platform EquationDrug.

The Equation Group was discovered a month ago and linked to cyber-espionage attacks extending to more than a decade. Kaspersky Lab identified the group as state-sponsored and pointed the fingers at the United States due to the complexity of the attacks and other evidence. Attacks by Equation Group have also focused entirely on adversaries of the United States including Russia and Iran.

Kaspersky explained that "EquationDrug" is still in use starting from 2003 although more modern GrayFish platform is being pressed to new victims.

He added that it becomes important to note that EquationDrug is not just a computer Trojan but a full espionage platform including a framework to conduct cyberespionage activities by installing specific modules on the machines of selected victims and the concept of cyberespionage platform is not new and unique.

Kaspersky said that altogether EquationDrug platform includes dozens of executables, protected storage locations and configurations. The design of the whole framework looks like a mini-operating system with kernel-mode and user-mode components which are "as sophisticated as a space station."

The group has apparently launched cyber attacks in over 30 countries including Afghanistan, Russia, Syria, Pakistan and dozens more.

Kaspersky says: "The case of EquationDrug reveals an interesting trend which have been seen while tools of cyberattack being analyzed apparently: a growth in code sophistication."

The report reads: "it is obvious that attackers belonging to nation-state are searching for better reliability, invisibility, stability and universality in their tools of cyber-espionage. Outdated cybercriminals distribute emails among mass with maligned attachments or infect websites on a broader scale but nation-states produce automatic systems which infect only preferred users. Outdated cybercriminals normally reuse one tainted file for all victims but nation-states create malware which is unique for each victim and even employ limits which prevent decryption and execution other than the targeted computer."

» SPAMfighter News - 3/23/2015